The fact that the compromise of a PDF reader leads to compromise of the entire user account is a failure of the operating system, and Linux/Mac/BSD/Windows all fail equally here.

And since time is money, you can always just switch tabs.

I especially like the recent addition of movie trailers or whatnot as an ad option - as in, before the video starts playing you pick "long boring trailer and no ads" or "all ads, no trailer." I always pick the trailer if given the option, it means I have several _minutes_ to kill on another site, and I flip back when I hear the familiar series intro.

Consumer hardware is pants. Bits flip and stuff randomly breaks - sometimes one leads to the other. It's a miracle that this messaË even reaches you at allËÎÏ

I've personally taught it a few new tricks, you can thank me if you wish.

Not all that much really. Easy enough to run a spambot with user privs. Any of the data you want to steal is in ~. If you last long enough without detection, you can grab the user's password with an X keylogger and start doing extra naughty stuff with root.

This idea intrigues me.

I've been saying that for a long time. People are living in a fairy land right now as far as any desktop OS being 'more secure.'

Would I trust a default Ubuntu install over Windows? Yes.

Does the Ubuntu kernel turn on the NX bit on 32bit? No.
Can users inadvertently run something which will take them from behind? Yes.
Will more marketshare soon lead to legions of zombie Linux desktop machines? Certainly.
Are the above three points excusable? I think not.

You are making it sound like you need root access for a keylogger. That's not true when input is going to X, which is true the majority of the time for all desktop users.

I keep saying this on slashdot but should really get off my ass and do something about it. The Unix security model is totally useless in the context of a desktop machine. So is the Windows security model. Processes are not the users that run them.
PolicyKit needs to be extended to delegate just "superuser" actions but normal actions as well, by program. It should be much like the OLPC or similarly Android - apps which are installed / run the first time should have to ask for a set of permissions they need. These permissions are to be changeable only by the user via a privileged frontend. If my desktop environment happens to start a scary .desktop file, it wouldn't matter. It wouldn't have access to my ~, to the network, or XQueryKeymap...unless it asked nicely first. If something needs to open a document outside of its dot directory it can do so via a _privileged_ file chooser - ask over DBus, and the file that the user picks will be hardlinked into the sandbox.

Those figures won't be useful for very long. Let me future-proof them for you.

Note to readers: Add a trailing 0 to the USD amount for every 6 hours after the parent's post time.

Outsourcing the hardware isn't the benefit. Amazon and friends have that end of the game.

Within some large organization - university, corp, whatever - there are typically a huge number of workstations with lots of redundant hardware that is usually sitting idle, lots of departments with varying computing needs, and some ever changing number of servers, some crusty, some doing lebenty-jillion different jobs...

It's very handy for various departments to be able to provision servers as they need. Some pool of terminal servers can be maintained, serving VPN users as well as thin clients. Physical servers can be brought up and down as needed without even dropping net connections. Maintenance doesn't mean downtime. You're paying for bandwidth and hardware just like you always did, but its a commodity for the people that actually need to use it.

Hardy is version 8.04, not 6.04, and has NTFS read and write support out of the box. Any NTFS partitions show up in the Gnome places menu. Easy.

Servers, network printers and Linux workstations get a cute name.
All servers, printers, and workstations get a standardized boring name in addition.

Hostnames on the machines are set to standardized-cute, such as v16filer2-quark.
An A record exists for all of the standard names. A CNAME exists for all the cute ones.

The cutesie names are a big help to the people that use that particular machine frequently. They're accessible via either, but shell prompts show both (which reinforces both, over time). Hostnames are obviously what show up in automated alerts. All machines have a sticker with both, cutesie one in larger font - eventually you'll learn where thrall is but much less likely to remember the official name.

The (good) devs usually elect to have a Linux workstation, and they get to pick their own name.

Some of the 'mascots' which have appeared on the stickers are certainly quite amusing

Perhaps they could hire some kind of outside contractor - with an extensive botnet and lots of spam-sending experience - at some ridiculous fee! I'm sure with significant compensation, these professionals could be convinced to spam the DoJ.

In all seriousness, all this will do is make a certain few people very very sad inside when they see just how easy it is to fool the common deskmonkey, and just how much info you can get. At best, some of those certain few people will become motivated to make it their profession...

Yet another example of why the "user == app" idea is silly and dated.

The concepts seen on certain mobile phones as well as the OLPC make a lot more sense and are simple enough to understand. An app is not a user. An app is granted some subset of permissions at install time, such as network access and (drumroll please) ability to change system settings.

If you want to get really fancy, you can define perms for an app, perms for a user (such that an app can pop up a UAC prompt to gain (most) of a user's perms in addition to what it already has), and even perms for an app granted by an admin that no user actually has - only the signed Firefox binary at path X can make outgoing port 80 connections, or somesuch.

Notepad doesn't need network access. Notepad doesn't need write access to my entire home directory (especially the ability to delete files) - open/save single files with a gui prompt as 99 percent of files need to do should involve a privileged service. The MS settings apps shouldn't show a UAC prompt - but the solution is NOT to let everybody change system settings - that's just lazy.

Disclaimer: yes, I hate the unix security model even more

The option for "wheels" disappeared - the bugfix was Triaged by adding cinder blocks.